package cn.ibizlab.util.adapter.service.impl;

import cn.ibizlab.util.security.AuthenticationUser;
import net.ibizsys.central.cloud.core.dataentity.security.DataEntityAccessManager;
import net.ibizsys.central.cloud.core.dataentity.wf.IDEWFRuntime;
import net.ibizsys.central.cloud.core.security.IEmployeeContext;
import net.ibizsys.central.cloud.core.util.domain.WFEditableFields;
import net.ibizsys.central.dataentity.security.IDEUserRoleRuntime;
import net.ibizsys.central.dataentity.security.dr.IDataEntityDRProvider;
import net.ibizsys.central.security.ISysUserRoleRuntime;
import net.ibizsys.central.util.ISearchGroupCond;
import net.ibizsys.central.util.SearchGroupCond;
import net.ibizsys.central.util.*;
import net.ibizsys.model.dataentity.defield.IPSDEField;
import net.ibizsys.model.dataentity.priv.IPSDEUserRole;
import net.ibizsys.model.dataentity.priv.IPSDEUserRoleOPPriv;
import net.ibizsys.runtime.security.DataAccessActions;
import net.ibizsys.runtime.security.DataRanges;
import net.ibizsys.runtime.security.IUserContext;
import net.ibizsys.runtime.util.*;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

import java.util.*;

/**
 * 权限适配
 *
 * @author xignzi
 * @date 2024/3/5
 */
public class DefaultAdapterDataEntityAccessManager extends DataEntityAccessManager {

    @Override
    protected List<IPSDEUserRole> getPSDEUserRoles(IEmployeeContext iEmployeeContext, String strAccessAction) {
        List<IPSDEUserRole> authorities = new ArrayList<>();

        // 实体默认能力
        List<IPSDEUserRole> iPSDEUserRoles = new ArrayList<>();
        List<IDEUserRoleRuntime> iDEUserRoleRuntimes = this.getDefaultDEUserRoleRuntimes();
        if (iDEUserRoleRuntimes != null) {
            iDEUserRoleRuntimes.stream().forEach(iDEUserRoleRuntime -> iPSDEUserRoles.add(iDEUserRoleRuntime.getPSDEUserRole()));
        }
        if (iPSDEUserRoles != null) {
            iPSDEUserRoles.stream().forEach(iPSDEUserRole -> {
                List<IPSDEUserRoleOPPriv> iPSDEUserRoleOPPrivs = iPSDEUserRole.getPSDEUserRoleOPPrivs();
                if (iPSDEUserRoleOPPrivs != null) {
                    if (iPSDEUserRoleOPPrivs.stream().anyMatch(iPSDEUserRoleOPPriv -> iPSDEUserRoleOPPriv.getDataAccessAction().equals(strAccessAction))) {
                        authorities.add(iPSDEUserRole);
                    }
                }
            });
        }

        // 系统用户能力
        if (true) {
            List<ISysUserRoleRuntime> userSysUserRoleRuntimes = this.getSystemAccessManager().getUserSysUserRoleRuntimes();
            if (userSysUserRoleRuntimes != null) {
                userSysUserRoleRuntimes.stream().forEach(userSysUserRoleRuntime -> {
                    List<IPSDEUserRole> userIPSDEUserRoles = userSysUserRoleRuntime.getPSDEUserRoles(this.getDataEntityRuntime().getId());
                    if (userIPSDEUserRoles != null) {
                        userIPSDEUserRoles.forEach(userIPSDEUserRole -> {
                            List<IPSDEUserRoleOPPriv> iPSDEUserRoleOPPrivs = userIPSDEUserRole.getPSDEUserRoleOPPrivs();
                            if (iPSDEUserRoleOPPrivs != null) {
                                if (iPSDEUserRoleOPPrivs.stream().anyMatch(iPSDEUserRoleOPPriv -> iPSDEUserRoleOPPriv.getDataAccessAction().equals(strAccessAction))) {
                                    authorities.add(userIPSDEUserRole);
                                }
                            }
                        });
                    }
                });
            }
        }

        // 系统管理员能力
        // if (authenticationUser.getAdminuser() == 1) {
        if (iEmployeeContext.isSystemadmin()) {
            List<ISysUserRoleRuntime> adminSysUserRoleRuntimes = this.getSystemAccessManager().getAdminSysUserRoleRuntimes();
            if (adminSysUserRoleRuntimes != null) {
                adminSysUserRoleRuntimes.stream().forEach(adminSysUserRoleRuntime -> {
                    List<IPSDEUserRole> adminIPSDEUserRoles = adminSysUserRoleRuntime.getPSDEUserRoles(this.getDataEntityRuntime().getId());
                    if (adminIPSDEUserRoles != null) {
                        adminIPSDEUserRoles.stream().forEach(adminIPSDEUserRole -> {
                            List<IPSDEUserRoleOPPriv> iPSDEUserRoleOPPrivs = adminIPSDEUserRole.getPSDEUserRoleOPPrivs();
                            if (iPSDEUserRoleOPPrivs != null) {
                                if (iPSDEUserRoleOPPrivs.stream().anyMatch(iPSDEUserRoleOPPriv -> iPSDEUserRoleOPPriv.getDataAccessAction().equals(strAccessAction))) {
                                    authorities.add(adminIPSDEUserRole);
                                }
                            }
                        });
                    }
                });
            }
        }

        // 系统角色分配固定能力
        List<ISysUserRoleRuntime> iSysUserRoleRuntimes = this.getSystemAccessManager().getSysUserRoleRuntimes(iEmployeeContext);
        iSysUserRoleRuntimes.stream().forEach(iSysUserRoleRuntime -> {
            List<IPSDEUserRole> followPSDEUserRoles = iSysUserRoleRuntime.getPSDEUserRoles(this.getDataEntityRuntime().getId());
            if (followPSDEUserRoles != null) {
                for (IPSDEUserRole followIPSDEUserRole : followPSDEUserRoles) {
                    if (!"CAT1".equals(followIPSDEUserRole.getUserCat()) && !followIPSDEUserRole.isSystemReserved())
                        continue;
                    List<IPSDEUserRoleOPPriv> iPSDEUserRoleOPPrivs = followIPSDEUserRole.getPSDEUserRoleOPPrivs();
                    if (iPSDEUserRoleOPPrivs != null) {
                        if (iPSDEUserRoleOPPrivs.stream().anyMatch(iPSDEUserRoleOPPriv -> iPSDEUserRoleOPPriv.getDataAccessAction().equals(strAccessAction))) {
                            authorities.add(followIPSDEUserRole);
                        }
                    }
                }
            }
        });

        return authorities;
    }
}
